Calling Crash
Hey Crash,
You started a useful thread (at least I think it was you) on protection for your computer some time ago. It included a little scottie *** that looked out for people trying to put things in your start up menu. Well, I can't find the thread anywhere. a) Can you locate the thread for me? b) If not, what was the name of that little scottie *** program? I lost him when my hard disk crashed a while back. Cheers, KV |
Quote:
And here is the link for the thread http://forums.ozmium.com.au/showthread.php?t=13120 hope this helps |
I would just like to put a warning on "HijackThis": it can be a very dangerous program if you are not sure what you are doing.
Results of using this program can range from programs not starting to the whole computer refusing to boot into Windows. |
Quote:
I agree Shaun, hijack this 'can be' a dangerous program but it is not the use of it that is dangerous, it's what you might be tempted to tick and delete. NEVER DO THAT :-)

Example of typical logfile of running processes:

Logfile of HijackThis v1.99.1
Scan saved at 10:56:56 AM, on 3/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WF2K.EXE
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Desktop\toolbox\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C3DF2CC-9E50-49C6-A11A-43AFEC7C26F8}: NameServer = 203.49.70.20 139.134.2.190
O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\system32\catsrvut.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Typical log file [note 'win patrol'/scottie ***].
Apart from the obvious, how many users would know if one of those above processes is a 'nasty' and should not be on the computer? Very few. The idea if there is a PC problem is to 'copy and paste' log to a website like www.spywarewarriors.com where there is a special section to do that and there will be heaps of help from puter users who do know exactly what's what. Without 'Hijack this' there is no way of knowing what's wrong if you still have problems after trying all the usual fixes. Hijack this will nail it. Or I should say someone at 'spyware warrior' forum will from your log. PS. I'm glad I did put that log up here. I just noticed something that should not be there !! [not dangerous, just annoying]. |
Thanks guys, the little dawg is reinstalled.
|
Spy Bot and PC security...
Hi guys,
for top advice on Spy Bot (you can post the whole log) and other security issues - try this forum http://www.windowsbbs.com/ they really know what they're doing - got me outta trouble a few times. Den |
I personally don't like "scottie"
Although it provides protection, it is not very user friendly. Consider the free program a-squared: it's worth its weight in gold. When using Hijack this, always seek advice from someone before deleting anything. What you are looking for in general is BHO entries which are not supposed to be there. In the above log posted obviously Adobe and Spybot should be there, but often you will find something really sus and it's safe to remove. There is also a program called SmitRem which is good for reclaiming a hijacked computer. Any issues I can help with - I will - that's my main job ;) Ewido is also an excellent program. Most people do not realise that they should delete the system restore points to clear unremovable entries, boot into safe mode and log into the admin account to remove the nasties, that way they are not unremovable or loaded into memory and therefore "in use". Just a tip. |
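Added example, not part of any poster's reply: a Python sketch that pulls the O2 (BHO) and O4 (startup) lines out of a HijackThis log like the one posted above and lists the entries missing from a reviewer-supplied allowlist, so they can be raised with someone knowledgeable before anything is ticked. The sample log mixes lines from the thread's log with two constructed entries (ExampleBar, updchk); the allowlists and function names are assumptions.

```python
import re

# Constructed sample: three entries copied from the log in this thread plus two
# made-up ones (ExampleBar, updchk) standing in for items nobody recognises.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ExampleBar - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\system32\exbar.dll
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [updchk] C:\WINDOWS\Temp\updchk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")            # e.g. "O2 - ..."
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN = re.compile(r"^(HK(?:LM|CU)\\\.\.\\Run\w*): \[(.+?)\] (.+)$")

def parse_entries(log_text):
    """Return dicts for the O2 (BHO) and O4 (registry Run) lines of a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and the running-process list
        code, body = m.groups()
        if code == "O2" and (b := BHO.match(body)):
            entries.append({"code": code, "name": b[1], "id": b[2].upper(), "target": b[3]})
        elif code == "O4" and (r := RUN.match(body)):
            entries.append({"code": code, "name": r[2], "id": r[1], "target": r[3]})
    return entries

def needs_review(entries, known_bho, known_run):
    """Entries absent from the allowlists: things to ask about, not to delete."""
    flagged = []
    for e in entries:
        key, known = (e["id"], known_bho) if e["code"] == "O2" else (e["name"].lower(), known_run)
        if key not in known:
            flagged.append(e)
    return flagged

# Assumed allowlists, built from software the owner knows is installed.
KNOWN_BHO = {"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"}   # Adobe Reader helper
KNOWN_RUN = {"winpatrol", "ctfmon.exe"}

if __name__ == "__main__":
    for e in needs_review(parse_entries(SAMPLE_LOG), KNOWN_BHO, KNOWN_RUN):
        print(f'{e["code"]}  {e["name"]:<12} {e["target"]}')
```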
Scottie stops your PC being hijacked in the first place and it's free. I've never had my PC hijacked using it and there were several attempts when I was [once upon a time] using Nortons firewall ....
|
I prefer ZoneAlarm.
|
Although I don't use it myself now, as a freebie ZoneAlarm is a good firewall, Chrome.
For those wanting a virus checker [on your PC, not going to sites for a free check which you might not be able to do if you have certain nasties]. www.bitdefender.com has a free version [the only virus protection that I know of that has a free version] that is tops. |